
An oil company’s senior management has reason to suspect that John Smith, one of the company’s research engineers, illegally took information that was clearly identified as proprietary

HEP1 — HEP1 TASK 1: FORENSIC INVESTIGATION
DIGITAL FORENSICS IN CYBERSECURITY — C840
PRFA — HEP1
COMPETENCIES
4044.2.4 : Forensics Evidence Analysis
The graduate conducts analysis on gathered evidence using forensic cyber tools to determine the nature of a
security breach.
INTRODUCTION
As more companies store information electronically, there is an increased need for digital forensics to
discover the trails of illegal or malicious acts.
In this task, you will use the Electronic Evidence Examiner tool to analyze data files related to a security
breach of a fictitious company. You will analyze the company’s data files for evidence of the breach by
creating a case file in Electronic Evidence Examiner. You will need to provide an Electronic Evidence Examiner-generated HTML report of the evidence, and then create an incident report to present your findings to the
company’s senior management.
You will use the Final Performance Assessment Lab Area in your course to access the Electronic Evidence
Examiner tool and the file to be examined. Instructions for how to access the file and how to download files to
your computer will be included in the lab area, under the “Exercise” tab.
SCENARIO
An oil company’s senior management has reason to suspect that John Smith, one of the company’s research
engineers, illegally took information that was clearly identified as proprietary. He may have been attempting
to distribute this information to a rival company for financial gain. In response to this security breach, the oil
company hired D&B Investigations to conduct an incident investigation. The investigative team went on-site
and captured forensic evidence from the machines the suspect used. Now your team leader has asked you to
examine the forensic evidence captured from the suspect’s computer and create an incident report based on
your findings.
REQUIREMENTS
Your submission must be your original work. No more than a combined total of 30% of the submission and no
more than a 10% match to any one individual source can be directly quoted or closely paraphrased from
sources, even if cited correctly. An originality report is provided when you submit your task that can be used
as a guide.
You must use the rubric to direct the creation of your submission because it provides detailed criteria that
will be used to evaluate your work. Each requirement below may be evaluated by more than one rubric
aspect. The rubric aspect titles may contain hyperlinks to relevant portions of the course.
Create an incident report for senior management on the process you undertook during your investigation.
When you create your case file in Electronic Evidence Examiner, label the file name with your own name and
student ID number.
A. Describe the steps you took to analyze the data file in Electronic Evidence Examiner and include the
Electronic Evidence Examiner-generated report labeled with your own name and student ID number.
B. Describe information about the incident that can be identified from the contents of the Electronic
Evidence Examiner-generated report. Provide details of the incident from the report to support your
description.
C. Summarize the findings of your investigation. Include supporting pieces of evidence that implicate John
Smith in the security breach.
Note: Your summary may include both indirect and direct evidence.
D. Acknowledge sources, using in-text citations and references, for content that is quoted, paraphrased, or
summarized.
E. Demonstrate professional communication in the content and presentation of your submission.
File Restrictions
File name may contain only letters, numbers, spaces, and these symbols: ! -_. * ‘ ( )
File size limit: 200 MB
File types allowed: doc, docx, rtf, xls, xlsx, ppt, pptx, odt, pdf, txt, qt, mov, mpg, avi, mp3, wav, mp4, wma, flv, asf, mpeg,
wmv, m4v, svg, tif, tiff, jpeg, jpg, gif, png, zip, rar, tar, 7z
RUBRIC
A: STEPS OF ANALYSIS
NOT EVIDENT: A submission does not describe the steps taken to analyze the data file or the report is not provided.
APPROACHING COMPETENCE: The submission describes the steps taken to analyze the data file, but the description does not match the information provided in the report provided, or the report is not labeled correctly.
COMPETENT: The submission describes the steps taken to analyze the data file, providing the Electronic Evidence Examiner-generated report that matches the steps described. The report is labeled correctly.
B: INCIDENT DESCRIPTION
NOT EVIDENT: A submission does not describe the identifiable information about the incident.
APPROACHING COMPETENCE: The submission describes the identifiable information about the incident based on the report findings but the information provided is not correct, or specific details from the report that reference the identifiable information are not provided.
COMPETENT: The submission describes the identifiable information about the incident based on the Electronic Evidence Examiner report, providing specific details from the report that reference the identifiable information.
C: SUMMARY OF FINDINGS
NOT EVIDENT: A submission does not summarize the findings of the investigation.
APPROACHING COMPETENCE: The submission summarizes the findings of the investigation and the supporting evidence that implicates John Smith is included, but the supporting evidence is unclear or inconclusive.
COMPETENT: The submission summarizes the findings of the investigation and the supporting evidence that implicates John Smith is included, and the supporting evidence is clear and conclusive.
D: SOURCES
NOT EVIDENT: The submission does not include both in-text citations and a reference list for sources that are quoted, paraphrased, or summarized.
APPROACHING COMPETENCE: The submission includes in-text citations for sources that are quoted, paraphrased, or summarized and a reference list; however, the citations or reference list is incomplete or inaccurate.
COMPETENT: The submission includes in-text citations for sources that are properly quoted, paraphrased, or summarized and a reference list that accurately identifies the author, date, title, and source location as available. Or the candidate does not use sources.
E: PROFESSIONAL COMMUNICATION
NOT EVIDENT: Content is unstructured, is disjointed, or contains pervasive errors in mechanics, usage, or grammar. Vocabulary or tone is unprofessional or distracts from the topic.
APPROACHING COMPETENCE: Content is poorly organized, is difficult to follow, or contains errors in mechanics, usage, or grammar that cause confusion. Terminology is misused or ineffective.
COMPETENT: Content reflects attention to detail, is organized, and focuses on the main ideas as prescribed in the task or chosen by the candidate. Terminology is pertinent, is used correctly, and effectively conveys the intended meaning. Mechanics, usage, and grammar promote accurate interpretation and understanding.
WEB LINKS
Final Performance Assessment Lab Area
